Vigil@nce - TYPO3 Powermail: bypassing Captcha
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can post a form on TYPO3 Powermail, even if a Captcha
is used.
– Impacted products: TYPO3 Extensions
– Severity: 2/4
– Creation date: 10/04/2014
DESCRIPTION OF THE VULNERABILITY
The Powermail extension can be installed on TYPO3.
It uses a Captcha (shape recognition) to validate that forms are
filled in by a human being. However, an attacker can bypass this
Captcha.
An attacker can therefore post a form on TYPO3 Powermail, even if
a Captcha is used.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-Powermail-bypassing-Captcha-14575